AMENDMENTS TO THE CLAIMS

1. (currently amended) A method for determining secure endpoints of tunnels in a network that uses Internet security protocol, the method comprising the computer-implemented steps of:

    sending from a first network device a first description of network traffic that is to be protected, wherein the first description comprises a first set of proxies;

    receiving, at the first network device and from a second network device, a second description of network traffic that is to be protected, wherein the second description comprises a second set of proxies;

    creating and storing a third description of network traffic that is to be protected based on determining a logical intersection of the first description of network traffic and the second description of network traffic, wherein the step of creating and storing a third description further comprises the step of determining a largest common subset between the first set of proxies and the second set of proxies; and

    establishing the secure connection between the first network device and the second network device based on the third description of network traffic.

2. (canceled)

3. (original) A method as recited in Claim 1, wherein the first description comprises a first protocol and the second description comprises a second protocol, and further comprising the steps of determining a third protocol for the third description based on determining a logical intersection of the first protocol and the second protocol.
4. (original) A method as recited in Claim 3, wherein determining the third protocol comprises the steps of:

    determining that the third protocol is IP when both the first description and the second description identify IP as a protocol;

    determining that the third protocol is a specific protocol when the first description identifies IP and the second description identifies the specific protocol;

    determining that the third protocol is a specific protocol when both the first description and the second description identify the same specific protocol.

5. (original) The method as recited in Claim 1, wherein the first description comprises a packet summary value that summarizes packets in the network traffic to be protected, and wherein the second description is generated by the second network device based on comparing the packet summary value to one or more access control lists that are managed by the second network device.

6. (original) The method as recited in Claim 1, wherein the first description of network traffic comprises a packet summary that includes:

    IP protocol information that is associated with the network traffic emanating from a source end host, wherein the source end host is associated with the first network device;

    port information that is associated with the source end host;

    port information that is associated with a destination end host, wherein the destination end host is associated with the second network device;

    an IP address that is associated with the source end host;

    an IP address that is associated with the destination end host; and

    a proxy address of the source end host;

    wherein the second description is generated by the second network device based on comparing the packet summary to one or more access control lists that are managed by the second network device.

7. (original) The method as recited in Claim 1, further comprising the step of:

    determining, at the second network device, whether the packet summary matches a security policy information that is associated with the second network device; wherein the packet summary is associated with the first description of network traffic.

8. (original) The method as recited in Claim 1, wherein the second description of network traffic comprises a response that includes:

    IP protocol information that is associated with the network traffic emanating from a destination end host, wherein the destination end host is associated with the second network device;

    an IP address that is associated with the second network device; and

    proxy addresses that are associated with a destination end host.

9. (original) The method as recited in Claim 8, wherein the proxy addresses that are associated with the destination end host include a first subnet that includes the destination end host and a second subnet that includes a source end host, wherein the source end host is associated with the first network device.

10. (original) The method as recited in Claim 1, wherein deriving a third description of network traffic further comprises the step of:

    determining based on the first description of network traffic and the second description of network traffic a first intersection proxy comprising protocol information;

    determining based on the first description of network traffic and the second description of network traffic a second intersection proxy comprising port information; and

    determining based on the first description of network traffic and the second description of network traffic a third intersection proxy comprising proxy address information.

11. (original) The method as recited in Claim 1, further comprising the steps of:

    receiving at the first network device an IP packet from a source end host that is associated with the first network device;

    verifying that the IP packet falls within the third description of network traffic.

12. (original) A method as recited in Claim 1, wherein the first description comprises a first port value and the second description comprises a second port value, and further comprising the steps of determining a third port value for the third description based on determining a logical intersection of the first port value and the second port value.

13. (original) A method as recited in Claim 12, wherein determining the third port value comprises the steps of:

    determining that the third port value is a specific port value when both the first description and the second description identify the same specific port value;

    determining that the third port value is a specific port value when one of the first description and the second description identify the specific port value.
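The proxy intersection recited in Claims 1, 4, 10, 11 and 13, worked through as an added Python example; this is not code from the patent and assumes a simplified proxy model (one protocol number, one port and one IPv4 CIDR block per proxy, with 0 as the wildcard) and constructed sample proxy sets.

```python
import ipaddress
from dataclasses import dataclass

ANY = 0  # wildcard: protocol "IP" (any IP protocol) or any port (assumed encoding)

@dataclass(frozen=True)
class Proxy:
    """One proxy identity (traffic selector): protocol, port, address block."""
    protocol: int  # 0 = plain IP, otherwise e.g. 6 (TCP) or 17 (UDP)
    port: int      # 0 = any port
    subnet: ipaddress.IPv4Network

def narrow(a, b):
    """Claims 4 and 13: a wildcard yields the other side's specific value, equal
    specifics yield that value, two different specifics have no intersection."""
    if a == ANY:
        return b
    return a if b == ANY or a == b else None

def narrow_subnet(a, b):
    """CIDR blocks either nest or are disjoint, so the intersection is the smaller one."""
    return a if a.subnet_of(b) else b if b.subnet_of(a) else None

def intersect_proxy(p, q):
    """Claim 10: protocol, port and address intersections must all be non-empty."""
    parts = (narrow(p.protocol, q.protocol), narrow(p.port, q.port),
             narrow_subnet(p.subnet, q.subnet))
    return None if any(x is None for x in parts) else Proxy(*parts)

def largest_common_subset(first, second):
    """Claim 1: the third description keeps every non-empty pairwise intersection."""
    third = []
    for p in first:
        for q in second:
            r = intersect_proxy(p, q)
            if r is not None and r not in third:
                third.append(r)
    return third

def packet_allowed(protocol, port, address, third):
    """Claim 11: verify that an IP packet from a source host falls within the third description."""
    addr = ipaddress.ip_address(address)
    return any(p.protocol in (ANY, protocol) and p.port in (ANY, port) and addr in p.subnet
               for p in third)

# Constructed sample: the first device offers all IP traffic from 10.1.0.0/16, while the
# second device's access control lists permit only two narrower flows.
FIRST_SET = [Proxy(ANY, ANY, ipaddress.ip_network("10.1.0.0/16"))]
SECOND_SET = [Proxy(6, 443, ipaddress.ip_network("10.1.2.0/24")),
              Proxy(17, ANY, ipaddress.ip_network("192.168.0.0/16"))]
```

Running `largest_common_subset(FIRST_SET, SECOND_SET)` leaves only the TCP/443 flow inside 10.1.2.0/24, and `packet_allowed` then accepts a packet to port 443 from 10.1.2.7 but rejects one to port 80.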

14. (currently amended) A computer-readable medium carrying one or more sequences of instructions for determining secure endpoints of tunnels in a network that uses Internet security protocol, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:

    sending from a first network device a first description of network traffic that is to be protected, wherein the first description comprises a first set of proxies;

    receiving, at the first network device and from a second network device, a second description of network traffic that is to be protected, wherein the second description comprises a second set of proxies;

    creating and storing a third description of network traffic that is to be protected based on determining a logical intersection of the first description of network traffic and the second description of network traffic, wherein the step of creating and storing a third description further comprises the step of determining a largest common subset between the first set of proxies and the second set of proxies; and

    establishing the secure connection between the first network device and the second network device based on the third description of network traffic.

15. (canceled)

16. (original) A computer-readable medium as recited in Claim 14, wherein the first description comprises a first protocol and the second description comprises a second protocol, and further comprising the steps of determining a third protocol for the third description based on determining a logical intersection of the first protocol and the second protocol.

17. (currently amended) A method for establishing a secure connection between two network devices, the method comprising the computer-implemented steps of:

    receiving, at a second network device and from a first network device, a first description of network traffic that is to be protected, wherein the first description comprises a first set of proxies;

    in response to receiving the first description of network traffic, creating and sending to the first network device a second description of network traffic that is to be protected, wherein the second description comprises a second set of proxies;

    receiving at the second network device a third description of network traffic that is to be protected from the first network device based on a logical intersection of the first description of network traffic and the second description of network traffic, wherein the third description comprises a largest common subset between the first set of proxies and the second set of proxies; and

    establishing the secure connection between the first network device and the second network device based on the third description of network traffic.

18. (currently amended) A computer-readable medium carrying one or more sequences of instructions for establishing a secure connection between two network devices, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:

    receiving, at a second network device and from a first network device, a first description of network traffic that is to be protected, wherein the first description comprises a first set of proxies;

    in response to receiving the first description of network traffic, creating and sending to the first network device a second description of network traffic that is to be protected, wherein the second description comprises a second set of proxies;

    receiving at the second network device a third description of network traffic that is to be protected from the first network device based on a logical intersection of the first description of network traffic and the second description of network traffic, wherein the third description comprises a largest common subset between the first set of proxies and the second set of proxies; and

    establishing the secure connection between the first network device and the second network device based on the third description of network traffic.
19. (currently amended) An apparatus for determining secure endpoints of tunnels in a network that uses Internet security protocol, comprising:

    means for sending from a first network device a first description of network traffic that is to be protected, wherein the first description comprises a first set of proxies;

    means for receiving, at the first network device and from a second network device, a second description of network traffic that is to be protected, wherein the second description comprises a second set of proxies;

    means for creating and storing a third description of network traffic that is to be protected based on determining a logical intersection of the first description of network traffic and the second description of network traffic, wherein the step of creating and storing a third description further comprises the step of determining a largest common subset between the first set of proxies and the second set of proxies; and

    means for establishing the secure connection between the first network device and the second network device based on the third description of network traffic.
20. (currently amended) An apparatus for determining secure endpoints of tunnels in a network that uses Internet security protocol, comprising:

    a network interface that is coupled to the network for receiving one or more packet flows therefrom;

    a processor;

    one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:

        sending from a first network device a first description of network traffic that is to be protected, wherein the first description comprises a first set of proxies;

        receiving, at the first network device and from a second network device, a second description of network traffic that is to be protected, wherein the second description comprises a second set of proxies;

        creating and storing a third description of network traffic that is to be protected based on determining a logical intersection of the first description of network traffic and the second description of network traffic, wherein the step of creating and storing a third description further comprises the step of determining a largest common subset between the first set of proxies and the second set of proxies; and

        establishing the secure connection between the first network device and the second network device based on the third description of network traffic.